Tucows releases “Tiered Access” Whois request data

Domain name registrar Tucows (NASDAQ: TCX) released data today about requests for Whois information under its tiered access program.

The company started the program following the implementation of the European Union’s General Data Protection Policy (GDPR) last year. At that time, Tucows masked Whois records for all domain names on its platform.

The company, which has over 20 million domains under management, said it has received 2,100 data access requests since starting the tiered access program in May. 65% of the requests came from a single requestor.

While Tucows didn’t name this company in its blog post, it’s certainly AppDetex on behalf of Facebook, which flooded Tucows with requests timed around ICANN meetings.

Overall, Tucows provided data on 25% of requests including for 21% of AppDetex’s requests.

These numbers don’t tell the whole story. Only about 5% of requests were denied; the other 70% of requests weren’t fulfilled because the requestor didn’t respond to Tucows’ request for more information. So the majority of requestors that provided all the information Tucows wanted got data.

90% of requests came from commercial litigation. This includes the AppDetex requests.

Tucows points out that few requests came from security researchers. (That said, I believe most security researchers use Whois data in bulk to connect the dots, so requesting individual records is not feasible.)

The data don’t include ICANN Compliance requests. Tucows has not given personal registration data in response to any of ICANN’s requests but has been able to help ICANN investigations without disclosing this data, it said.